$ cat writeup.md…
$ cat writeup.md…
hackadvisor
Task: Flask monitoring platform with webhook integration feature allowing full-read SSRF. Solution: Chain SSRF to discover internal services, leak API key from debug endpoint, then exploit unsandboxed Jinja2 SSTI on authenticated admin report API for RCE.
Permission denied (requires tier.pro)
Sign in with GitHub, Discord, or Google to continue. No email required.
$sign in$ grep --similar